mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice
synced 2025-12-26 22:48:19 +00:00
17096d1dc8
Current master is calling red_channel_destroy() on incoming error, but reds Channels still references it, which causes a double free() later on (see valgrind report below). Instead, on error condition, do like the rest of the channels and call reds_disconnect(), which remove the references and call shutdown(), which then call red_channel_destroy() and finally free the channel with red_channel_destroy(). Note: the previous code intention was certainly to be able to keep the rest of the channels connected when input channel has errors. This is not addressed by this patch. red_channel_shutdown: ==29792== Invalid read of size 8 ==29792== at 0x4C6F063: red_channel_shutdown (red_channel.c:460) ==29792== by 0x4C51EFA: inputs_shutdown (inputs_channel.c:463) ==29792== by 0x4C48445: reds_shatdown_channels (reds.c:539) ==29792== by 0x4C4868A: reds_disconnect (reds.c:603) ==29792== by 0x4C519E9: main_channel_on_error (main_channel.c:765) ==29792== by 0x4C6E80A: red_channel_peer_on_incoming_error (red_channel.c:215) ==29792== by 0x4C6E22D: red_peer_handle_incoming (red_channel.c:87) ==29792== by 0x4C6E551: red_channel_receive (red_channel.c:154) ==29792== by 0x4C6F329: red_channel_event (red_channel.c:531) ==29792== by 0x41CB8C: main_loop_wait (vl.c:1365) ==29792== by 0x437CDE: kvm_main_loop (qemu-kvm.c:1589) ==29792== by 0x41FE9A: main (vl.c:1411) ==29792== Address 0x30b0f6d0 is 0 bytes inside a block of size 28,648 free'd ==29792== at 0x4A05372: free (vg_replace_malloc.c:366) ==29792== by 0x4C6F032: red_channel_destroy (red_channel.c:454) ==29792== by 0x4C6E80A: red_channel_peer_on_incoming_error (red_channel.c:215) ==29792== by 0x4C6E22D: red_peer_handle_incoming (red_channel.c:87) ==29792== by 0x4C6E551: red_channel_receive (red_channel.c:154) ==29792== by 0x4C6F329: red_channel_event (red_channel.c:531) ==29792== by 0x41CB8C: main_loop_wait (vl.c:1365) ==29792== by 0x437CDE: kvm_main_loop (qemu-kvm.c:1589) ==29792== by 0x41FE9A: main (vl.c:1411) https://bugs.freedesktop.org/show_bug.cgi?id=34971 |
||
|---|---|---|
| client | ||
| common | ||
| python_modules | ||
| server | ||
| tests | ||
| tools | ||
| uncrustify_cfg | ||
| .gitignore | ||
| AUTHORS | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| GITVERSION | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| spice1.proto | ||
| spice_codegen.py | ||
| spice-server.pc.in | ||
| spice.proto | ||
Copyright 2009 Red Hat, Inc. and/or its affiliates. This program and libraries is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, see <http://www.gnu.org/licenses/>.